This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Warn when using mktemp

From: Corinna Vinschen <vinschen at redhat dot com>
To: newlib at sourceware dot org
Date: Sat, 14 Mar 2009 13:20:44 +0100
Subject: Re: [PATCH] Warn when using mktemp
References: <20090313175308.GC9322@calimero.vinschen.de> <49BAA76F.3010400@codesourcery.com> <3862C5643B15B6468269546753EB2A920247C77A@BLTSXVS01.govsolutions.com> <20090313204930.GD9322@calimero.vinschen.de> <49BACFB9.6050109@codesourcery.com>
Reply-to: newlib at sourceware dot org

On Mar 13 14:27, Brooks Moses wrote:
> Corinna Vinschen wrote, at 3/13/2009 1:49 PM:
> > +NOTES
> > +Never use <<mktemp>>.  The generated filenames are easy to guess and
> > +there's a race between the test if the file exists and the creation
> > +of the file.  In combination this makes <<mktemp>> prone to attacks
> > +and using it is a security risk.  Whenever possible use <<mkstemp>>
> > +instead.  It doesn't suffer the race condition.
> > +
> 
> I find "race" a bit misleading [...]

the word "race" is used in all man pages I saw.  I just tried to find
my own text so as not to copy a foreign man page.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat

References:
- [PATCH] Warn when using mktemp
  - From: Corinna Vinschen
- Re: [PATCH] Warn when using mktemp
  - From: Brooks Moses
- RE: [PATCH] Warn when using mktemp
  - From: Howland Craig D (Craig)
- Re: [PATCH] Warn when using mktemp
  - From: Corinna Vinschen
- Re: [PATCH] Warn when using mktemp
  - From: Brooks Moses

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]